Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

You don't have to read too far into the Information Commissioner's Office (ICO) website to find its mission statement. The ICO has been established to "Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Lone justice?

With this declaration in mind, one might naturally question the statistics pertaining to recent judiciary actions carried out by the ICO. Reports earlier this year highlighted the fact just 36 out of 2,565 data breaches were acted upon by the ICO, with only four cases resulting in monetary fines.

Security vendors from far and wide have used this apparent' shortfall in regulatory discipline as a platform for reinforcing the effectiveness of their data protection products. So as the Data Protection Act (DPA) and issues relating to information compliance gain an ever-greater number of column inches, is it time to question whether we are at an industry tipping point and about to fall?

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Is it time to question whether we are at an industry tipping point and about to fall?

"The reports noting that just one per cent of data breaches have been fined by the ICO risk undermining its power to force companies to take their internal security measures seriously," said Nigel Hawthorn, vice president of EMEA marketing for Blue Coat Systems.

"When the ICO increased the maximum fine tenfold from 50,000 to half a million pounds last year, this should have sent a clear message to the market that companies needed to get their house in order. But why bother sharpening the ICO's teeth if they are not prepared to bite?"

Industry opinion appears to lay part of the blame for compliance issues on the proliferation of devices and flexibility of new work practices. Both of these factors are further fuelled by the consumerisation of IT, which makes it increasingly difficult for companies to protect data and increasingly easy to lose it.

Matthew Tomlinson, a board director at secure network specialist Secure Data, said we will see an increase in audits and fines from the ICO over the coming years, but companies really need to take responsibility for data protection and start policing themselves.

"In practice it is unrealistic for the ICO to audit every company; they do not have the resources or the capacity," he said.

Advertisement - Article continues below

"However, we are seeing larger corporations already beginning to police themselves due, foremost, to the fear of public backlash if they were to have a major data breach. You only have to look at the recent Sony data breach to see the public affect it has on the company."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020